[ advisories | exploits | discussions | news | conventions | security tools | texts & papers ]
 main menu
- feedback
- advertising
- privacy
- FightAIDS
- newsletter
- news
- read forum
- new topic
- search

- meetings list
- recent additions
- add your info
 top 100 sites
- visit top sites
- sign up now
- members

- add your url
- add domain
- search box
- link to us

- our projects
- free email
 m4d network
- security software
- secureroot
- m4d.com
Home : Advisories : AT&T System V Release 4 /bin/login Vulnerability

Title: AT&T System V Release 4 /bin/login Vulnerability
Released by: CERT
Date: 23rd May 1991
Printable version: Click here

Hash: SHA1

- ---------------------------------------------------------------------------


Last Revised: Spetmeber 18,1997

                Attached copyright statement

                               CERT Advisory

                                 May 23, 1991

               AT&T System V Release 4 /bin/login Vulnerability

- ---------------------------------------------------------------------------

The Computer Emergency Response Team/Coordination Center (CERT/CC) has

received information concerning a security vulnerability in AT&T's UNIX(r)

System V Release 4 operating system.  AT&T is providing a software upgrade 

for Release 4 operating system vendors and a patch for AT&T Computer Systems

customers.  AT&T has also provided a suggested fix for all Release 4

based systems.


- ---------------------------------------------------------------------------


     A security vulnerability exists in /bin/login in AT&T's System V

     Release 4 operating system.


     System users can gain unauthorized privileges.



     A.  AT&T Computer Systems customers

         Log into the root account.  Change the execution permission on

         the file /bin/login.

                chmod 500 /bin/login

         Contact AT&T Computer Systems at 800-922-0354 to obtain a fix.

         The numbers associated with the fix are 156 (3.5" media) and

         157 (5.25" media).

         International customers should contact their local AT&T 

         Computer Systems representative.

     B.  All other System V Release 4 based systems

         Log into the root account.  Change the execution permission on

         the file /bin/login.

                chmod 500 /bin/login

         Release 4 customers should contact their operating system

         supplier for details on the availability of the software


- ---------------------------------------------------------------------------

The CERT/CC would like to thank AT&T for their timely response to our

report of this vulnerability.

- ---------------------------------------------------------------------------

If you believe that your system has been compromised, contact CERT/CC via

telephone or e-mail.

Computer Emergency Response Team/Coordination Center (CERT/CC)

Software Engineering Institute

Carnegie Mellon University

Pittsburgh, PA 15213-3890

Internet E-mail: cert@cert.org

Telephone: 412-268-7090 24-hour hotline:

           CERT/CC personnel answer 7:30a.m.-6:00p.m. EST,

           on call for emergencies during other hours.

Past advisories and other computer security related information are available

for anonymous ftp from the cert.org ( system.

- -----------------------------------------------------------------------------

Copyright 1991 Carnegie Mellon University. Conditions for use, disclaimers,

and sponsorship information can be found in

http://www.cert.org/legal_stuff.html and http://ftp.cert.org/pub/legal_stuff .

If you do not have FTP or web access, send mail to cert@cert.org with

"copyright" in the subject line.

CERT is registered in the U.S. Patent and Trademark Office.


Revision History

September 18,1997  Attached Copyright Statement


Version: PGP for Personal Privacy 5.0

Charset: noconv





(C) 1999-2000 All rights reserved.